
SecureSpan Gateway AMI

Securely Integrate Your Enterprise and Amazon EC2-based Applications

True Hybrid Cloud Enablement for Amazon EC2


Amazon Web Services’ Elastic Compute Cloud (EC2) service is a public cloud infrastructure that offers computing resources on demand, eliminating upfront capital expenditures. However, creating a hybrid cloud model involving both enterprise and EC2-based applications raises issues around security, scalability and control.

The Layer 7 SecureSpan Gateway AMI makes Layer 7’s industry-leading API Gateway technology available for the Amazon Web Services public cloud environment, ensuring EC2-based applications can securely and manageably integrate with enterprise applications, for a complete hybrid cloud solution.

SecureSpan Gateway AMI Example




Securely Integrate EC2 Applications with the Enterprise


The SecureSpan AMI acts as an API and Web services Gateway for:

  • Simplifying federation
  • Orchestrating data flows
  • Mediating between diverse message formats and API interfaces

This provides an efficient solution for controlling how applications delivered as REST or SOAP-based APIs get accessed and consumed, without the need for additional coding. With the SecureSpan AMI, organizations can bridge the enterprise and cloud, making their Amazon EC2 applications look, feel and operate like extended parts of the secure enterprise.

The SecureSpan AMI makes it possible to:

  • Securely expose data and functionality at the Web services or API layer
  • Orchestrate secure integration channels between the enterprise, partner systems and Amazon EC2-operated applications
  • Leverage existing, internal identity and access infrastructure for local authentication, local authorization and Single Sign-On (SSO) to partner resources
  • Optimize performance and scalability through distributed caching, intelligent workflow and policy-based adaptation/composition of data assets
  • Monitor availability and performance of Amazon EC2-based applications that integrate back into the enterprise via Web services and other APIs
  • Log, track and audit all programmatic interactions between enterprise applications and Amazon EC2 applications
  • Enhance EC2 CloudWatch, Auto Scaling and Elastic Load Balancing with application-aware feedback, for autonomic scaling and load balancing of application traffic

WEBINAR: How to Secure & Govern Integrations Between the Enterprise & the Cloud featuring Best Buy & Amazon Web Services


DEMO: Identity Federation to Amazon Web Services

Hybrid Cloud Optimization


Provides an intelligent control point for:

  • Local or distributed caching
  • Secure, dynamic routing to partners or across the enterprise
  • Transformation and adaptation of data formats and protocols
  • Auto scaling and load balancing integration
  • Feedback to existing availability mechanisms

Cloud-Based Security & Privacy


Creates a Cloud-resident security layer and enterprise integration channel, to ensure the enterprise retains control over applications that expose Web services or APIs on Amazon EC2.


Complete Solution


Provides industry-leading functionality for:

  • Edge-based security and access control for REST or XML APIs
  • Federation of identities and data across the enterprise and Cloud
  • Enterprise-wide management across form factors and deployments

Cost-Effective Solution


Bundles sophisticated functionality for governance, security and management in the Amazon Cloud, which is more economical than assembling a solution from separate components.

SecureSpan XML Gateway Amazon Machine Image



AMI Manifest: /layer7technology/v52v1_32bit/image.manifest.xml
License: Public
Operating System: Linux/Unix


The SecureSpan Gateway AMI supports:

  • XML
  • JSON
  • SOAP
  • REST
  • AJAX
  • XPath
  • XSLT
  • WSDL
  • XML Schema
  • LDAP
  • SAML
  • OAuth
  • PKCS
  • Kerberos
  • X.509 Certificates
  • FIPS 140-2
  • XML Signature
  • XML Encryption
  • SNMP
  • SMTP
  • POP3
  • WCF
  • IMAP4
  • JMS
  • MQ Series
  • Tibco EMS
  • WS-Security
  • WS-Trust
  • WS-Federation
  • WS-SecureExchange
  • WS-Addressing
  • WSIL
  • WS-I BSP
  • WS-I
  • WS-SecureConversation
  • WS-MetadataExchange
  • WS-Policy
  • WS-SecurityPolicy
  • WS-PolicyAttachment
  • UDDI
  • WSRR
  • MTOM
  • IPv6

Supported EC2 Features

  • Leverages the Amazon Web Services Firewall for IP-level firewalling
  • Utilizes the Amazon load balancer for availability and greater reliability
  • Allows on-demand instances to be spun up (to handle demand spikes) or scaled down during periods of low traffic (to minimize costs)
Virtual Private Cloud
  • Enables secure administration of the SecureSpan AMI
  • Monitors system metrics and node health
  • Dynamically routes to new nodes deployed for additional capacity
  • Supports EC2’s “on-demand” and “reserved” instances

Identity & Message-Level Security

Enable Identity-Based Access Controls
  • Authenticate users and applications based on data from existing on-premise identity stores
  • Integrate with leading identity, access, SSO and federation systems from Oracle, Sun, Microsoft, CA, IBM Tivoli and Novell
  • Ensure only users or applications with valid entitlements can execute specific services, operations or APIs
  • Expose two- or three-legged OAuth interactions for delegated authorization to resources
Manage Security for Cross-Domain & B2B Relationships
  • Makes it possible to selectively control how Amazon-based applications are programmatically exposed to partners and other third parties
  • Support for credential chaining and credential remapping as well as identity federation
  • Integrated Security Token Service issuer featuring support for WS-Trust, WS-Federation, OAuth and SAML-P protocols
  • Integrated PKI CA for automated deployment and management of client-side certificates plus integrated RA for external CAs
Enforce WS* & WS-I Standards
  • Support for all major WS* and WS-I security protocols, such as WS-Security, WS-SecureConversation and WS-SecurityPolicy
Secure WSDL, REST & POX Interfaces
  • Selectively control access to interfaces down to an operation level
  • Create on-the-fly composite WSDL views tailored to specific requestors
  • Support service look-up and publication via WSIL and UDDI
Audit Transactions
  • Log any/all message-level transaction information
Utilize State-of-the-Art Cryptography
  • Support for elliptic curve cryptography and FIPS 140-2

Threat Protection

Filter XML Content for SOA, Web & Cloud
  • Validate and filter HTTP headers, parameters and form data
  • Detect classified or “dirty” words or arbitrary signatures
  • Filter SOAP, POX, AJAX, REST and other XML-based services
Protect Transactional Integrity
  • Protect against identity spoofing and session hijacking
  • Preserve privacy, confidentiality and integrity of messages/data
Prevent XML Attack & Intrusion
  • Protect against XML, XDoS, OS, SQL injection and external entity attacks
  • Protect against XML content tampering and viruses in SOAP attachments
  • Deploy US DoD STIG vulnerability-tested XML Gateway technology

API Management

  • Secure, manage, monitor and control access to APIs
  • Throttle API usage to ensure backend services are not overwhelmed
Metrics & Reporting
  • Get quick insight into API performance (utilization, availability etc.)
  • Track failed authentications and policy violations to identify threats
  • Support for all major WS* and WS-I security protocols
  • Support for all major authentication standards, including SAML and OAuth

Performance Management

Message Caching
  • Cache responses to common requests, decreasing backend service load
Concurrent Assertion Processing
  • Run multiple assertions concurrently, thereby reducing overall latency when assembling a response from multiple backend services
Accelerated XML Processing
  • Transform messages, based on internal or external XSLT
  • Validate messages against predefined external schema
  • Leverage high-speed message searching, element detection etc.

Traffic Management

  • Enable granular rate limiting and traffic shaping based on number of requests or service availability
Class of Service
  • Prioritize application traffic based on quality-of-service preferences
Service Availability
  • Monitor and track EC2-based service performance, health and metrics
  • Monitor and track Amazon EC2 uptime SLAs
  • Re-route to back-up services, based on availability or latency

Policy Management

Composition & Editing
  • Compose policy statements from over 100 pre-made policy assertions
  • Branch policy execution based on logical conditions, message content etc.
  • Publish policies to popular registries for lifecycle management
  • Get API-level access to administration
  • Update policies on the fly, with no downtime required
Lifecycle Management
  • Manage policy lifecycle across geographical locations and environments
  • Quickly create customized policy assertions using a simple Java SDK

Service Management

  • Quickly view audits, events and metrics for Gateways
Policy Migration
  • Migrate policies across development, test, staging and production
Services Reporting
  • Get quick insight into Gateway operations and service-levels
Remote Patching
  • Selectively update any software installed on Gateways
Disaster Recovery
  • Centrally back up configuration files and policies and restore remotely
Remote Management
  • Integrate existing third-party management tools